My situation is very specific, but I don't think it is uncommon. I'm not very hopeful about the situation, but since I don't know networking that well there can be something I just can't see.

I live in an apartment complex, and the internet here is being routed by the ISP (Cox). I already got in contact with their tech support because I was having problems using applications which required certain ports to be easily accessible (My friend used an open source program to sniff the ports while I was trying to use the applications). According to tech support, it seems that there is one or more of those industrial modems doing the routing for the whole complex. The modems are then connected to Network switches which provide connection to each room (Ehernet jack on the wall).

-Firewall off still shows ports as closed
-There doesn't seem to be NAT masquerading when I observe the network details
-There is more than one port and more than one application with the problem
-Bandwidth is pretty good (10 down, 10 up).

Is the fact that port forwarding can't be done the real problem? (Since there doesn't seem to be NAT masquerading). If it is, is there really nothing else that can be done to help? Is it better if I get a router just to connect my computer to the jack on the wall and do port-forwarding in it?

What is the reason you need port forwarding? If you already got a normal, not RFC1918 IP then there would be no need for it.
–
HennesFeb 6 '13 at 23:19

The programs I use which uses certain ports behave as if the ports are closed. Sniffing indicates that the ports are closed. All I can think of, with my limited knowledge, is to forward them (Since they are not Blocked my the ISP).
–
OverAchieverFeb 7 '13 at 1:04

2

@Hennes He may have a IP but there may be a hardware firewall blocking all incoming traffic. My collage dorm was like that, I had a routeable IP, however all unsolicited inbound traffic would be blocked, so I could not host multiplayer games or create a direct connection to another person if they also where firewalled.
–
Scott ChamberlainFeb 7 '13 at 1:47

"Since they are not Blocked my the ISP" but they are blocked by your ISP, Cox is your apartments ISP, your ISP is the apartment complex.
–
Scott ChamberlainFeb 7 '13 at 2:12

Want to really blow your mind? Cox uses a ISP too! They are a tier 2 or tier 3 ISP and rely on higher tiers to connect to other ISPs.
–
Scott ChamberlainFeb 7 '13 at 2:15

3 Answers
3

You may have a public IP but if your apartment complex has a hardware firewall between you and the gateway (it could even be the gateway itself) you only have two options.

Hope that their firewall responds to UPnP requests to open a firewall port (this is unlikely as your programs most likely already try to do that and would have just worked.)

Ask the management if you can get the ports opened for your network connections. Who knows, maybe they just block to be cautious (I would never put any device on the internet without a hardware firewall in place (the NAT in home routers serves that purpose)) but they may open a firewall port for you if you ask nicely.

Is it better if I get a router just to connect my computer to the jack on the wall and do port-forwarding in it?

This won't work. Think about it this way:

Say I want to make a phone call to you, but your receptionist (the switches for the apartment) refuses to transfer my calls to you. If you highered an office assistant, and she promised to answer and forward any calls I made that the first receptionist forwarded to your extension, would it help at all?

Pretty good analogy. I might have to use that sometime; I get asked every once in a while why buying another router in an apartment complex won't solve their issues.
–
QixFeb 7 '13 at 6:08

As for using a router myself. I'm aware that having two Natings is pointless. The reason why I asked the question, however, is because I'm not sure if Nating is necessarily done from their part. I thought there was the chance that if the addressing was done by my router, then their modem would identify the Nating had already been done and wouldn't include me in it's own Nating. (From what the tech support said, modems are doing the routing)
–
OverAchieverFeb 7 '13 at 7:23

to avoid such situation among others simply use any machine with unlimited inward internet access (i.e. a dedicated/shared server of your choice) to setup a reverse tunnel to your target device and you are done.

This guarantees access from internet to any of your devices no matter how firewalled / port blocked they are.